Digital Risk Grc Expert

**Find your purpose at KPMG Luxembourg**

Join a team of diverse and dedicated problem solvers, connected by a common cause: to turn insight into opportunity for clients and communities around the world. If you are eager to learn, are interested in growing rapidly and strive to make an impact in a diverse environment, you're in the right place at the right time.

Learn more about Careers at KPMG Luxembourg

Join our dynamic Information Security team as a Digital Risk GRC Expert and play a key role in shaping the firm’s security and compliance strategy. This is your opportunity to drive real impact by helping us manage risk, stay ahead of regulatory challenges, and build a best-in-class governance, risk, and compliance program. You will work cross-functionally with business and technical teams to implement robust frameworks that ensure resilience, regulatory alignment, and business continuity.

**What you will be working on**:
**Lead Risk & Compliance Initiatives**
- Drive the development and deployment of technical security standards and tools to proactively mitigate information security risks.
- Lead the identification and treatment of non-conformities and exceptions related to security policies, ISO27001 norms, and GDPR compliance.
- Conduct thorough compliance assessments and provide guidance on regulatory and contractual requirements.
- Review contracts with a security lens and contribute to client RFPs by ensuring compliance and security excellence in all deliverables.

**Build and Strengthen Governance Frameworks**
- Develop a scalable risk decision-making framework to prioritize focus areas and support informed decisions.
- Partner with key stakeholders (Information Security Officer, NITSO, QRMP) to align governance efforts and embed security into the business.
- Monitor evolving regulations and industry standards to ensure ongoing compliance and adapt security policies accordingly.

**Enhance Risk Management Capability**
- Design and implement a Risk Management Framework using ISO27005 standards and associated tools.
- Perform regular risk assessments, track compliance metrics, and drive continuous improvement.
- Provide insights and support for internal and external audits, as well as third-party security evaluations.

**What we look for**:
**Your Background**
- Master’s degree in IT or a related field, with a specialization in Information Security.
- Minimum of 6 years of hands-on experience in information security, including at least 2 years focused on compliance and/or risk management.
- Your Skills and Knowledge
- Deep understanding of ISMS and ISO 27001 implementation.
- Proficient in Information Security Risk Management methodologies (ISO27005).
- Solid knowledge of IT systems including infrastructure, software development, and data protection.
- Certifications such as ISO27001 Lead Implementer and ISO27005 Risk Manager are essential.
- CISSP, CISM, or similar credentials are a strong plus.
- Strong project management capabilities and the ability to lead cross-functional initiatives.

**Your Personal Strengths**
- Meticulous, analytical, and results-driven.
- Exceptional communication, writing, and documentation skills.
- Comfortable engaging with stakeholders at all levels and presenting complex ideas with clarity.
- A proactive and independent mindset, with the ability to collaborate effectively in a team setting.
- A client-focused and business-oriented approach to solving security challenges.

**What you will get**

We offer more than just a job. With our flexible work model, you can work, rest and recharge. Our competitive compensation packages, paid time off, recognition bonuses and dedicated programs for personal development and well-being help to keep you refreshed and motivated.

We will accompany you on a journey of professional growth, offering an expansive spectrum of prospects to elevate your career in Luxembourg, an emerging financial center. Feel a sense of belonging by enjoying year-round celebrations and engaging events that bring us all together.

Join our next generation

**#FindYourPurposeAtKPMG #TeamBlue**

KPMG is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. Our recruiting decisions are based on your experience and skills.